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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1 . This communication is responsive to 10/7/2008 . 

2. ^ The allowed claim(s) is/are 1,6-9 and 11 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1 ) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1. 84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 
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DETAILED ACTION 

In view of Appeal Brief filed on 7 October 2008 and an authorization for this Examiner's 
Amendment given in a telephone interview with Holmes W. Handerson (Reg. No. 37,272) on 1 1 
November 2008, the claimed subject matters are thus distinctly pointed out as patentable 
features to place the application in the condition for allowance. 

Terminal Disclaimer 

The terminal disclaimer filed on 21 March 2008 disclaiming the terminal portion of any 
patent granted on this application which would extend beyond the expiration dates of the full 
statutory term of the patent granted on pending reference Application Number 1 0/661 ,657 has 
been reviewed and is accepted. The terminal disclaimer has been recorded. 

Examiner's Amendment 

An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this Examiner's Amendment was given in a telephone interview with 
Holmes W. Handerson (Reg. No. 37,272) on 11 November 2008. 

This application has been amended as follows: 
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IN THE CLAIMS 

Cancel claim 2 - 5, 10 and 12-15. 
Replace claim 1, 9 and 11 as follows. 
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Claim 1: 

A method of securing packet data transferred between a first and second member of a 
private network coupled to client edge devices over a backbone comprising a plurality of 
provider devices including provider edge devices, the backbone operating according to a routing 
protocol, the method comprising the steps of: 

encapsulating a private address of a packet from the first member with a group header 
including a public address associated with the first member and a group address to generate a 
tunneled packet; 

transforming, at a client edge device, the tunneled packet by first applying a same group 
security association associated with the private network to the tunneled packet of a different 
non-group point-to-point connection to provide a secure tunneled packet and then adding a 
header field to the secure tunneled packet, the added header field including a gateway address 
associated with the first member of the private network and a destination address of the second 
member of the private network to provide a client transformed packet; 

forwarding the client transformed packet to a provider edge device; and 
replacing, at the provider edge device, a destination field of the packet with a group 
identifier associated with the private network for routing the packet across the backbone. 
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Claim 9: 

A method of securing packet data transferred between a 
first and second member of a private network over a backbone, the first and second member of 
the private network being coupled to respective client edge devices and the backbone 
comprising a plurality of provider devices including provider edge devices, the backbone 
operating according to a routing protocol, the method comprising the steps of: 

determining, responsive to a gateway address of a packet, whether a packet received 
from a client edge device at a provider edge device of the backbone has been transformed to 
secure packet data transferred across the backbone , wherein transforming, at said client edge 
device, is by applying a same group security association associated with the private network to 
the received packet of a different non-group point-to-point connection : 

modifying at least one field of the packet to replace a destination address of the packet 
with a group identifier associated with the private network responsive to a determination that the 
gateway address of the packet indicates that the packet is a member of the private network. 

Claim 11: 

A system for transforming packets for forwarding between a plurality of members 
coupled to client edge devices of a private network over a backbone comprised of a plurality of 
provider devices including provider edge devices in a scalable private network, wherein the 
backbone operates according to a protocol, the apparatus comprising: 

a key table, the key table including a security association for each private network that 
the node is a member; 

a client edge device including: 
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a tunneling mechanism for encapsulating packets that are to be transferred to the 
backbone in a public address including a gateway address and a group address to provide a 
tunneled packet; and 

transform logic operable to apply a security association to the tunneled packet and to 
append a header to the tunneled packet, the header including a gateway address and a 
destination address to provide a transformed packet for transmission by the client edge device 
to the backbone , wherein transforming, at said client edge device, is by applying a same group 
security association associated with the private network to the tunneled packet of a different 
non-group point-to-point connection : 

a provider edge device coupled to the client edge device, the provider edge device comprising a 
virtual route forwarding table for storing group identifiers associated with destination addresses 
and means, responsive to the gateway address of the header, for selectively updating the 
destination field of the packet with a group identifier for routing the packet across the backbone. 



Allowable Subject Matter 

Claims 1,6-9 and 1 1 are allowed. 

The following is an examiner's statement of reasons for allowance: 
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of 
record fails to teach or render obvious the claimed limitations in combination with the specific 
added limitations recited in claims 1, 9 and 11 (& associated dependent claims). 

The present invention is directed to a method of securing packet data transferred 
between a first and second member of a private network coupled to client edge devices over a 
backbone comprising a plurality of provider devices including provider edge devices, the 
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backbone operating according to a routing protocol. No singular art disclosing, nor motivation to 
combine has been found to anticipate or render obvious the claimed invention of transforming, 
at a client edge device, the tunneled packet by first applying a same group security association 
associated with the private network to the tunneled packet of a different non-group point-to-point 
connection by encapsulating a private address of a packet from the first member with a group 
header including a public address associated with the first member and a group address to 
generate a tunneled packet and to provide a secure tunneled packet and then adding a header 
field to the secure tunneled packet, the added header field including a gateway address 
associated with the first member of the private network and a destination address of the second 
member of the private network to provide a client transformed packet. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the 
issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons 
for Allowance." 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Longbit Chai/ 

Primary Patent Examiner 
Art Unit 2431 
11/01/2008 



